Check Point CloudGuard CNAPP vs Lacework FortiCNAPP comparison

Check Point CloudGuard CNAPP vs. Lacework FortiCNAPP

Download the complete report

Helped 825,399 peers since 2012

Categories and Ranking

SentinelOne Singularity Clo...

Mindshare comparison

As of January 2025, in the Vulnerability Management category, the mindshare of SentinelOne Singularity Cloud Security is 1.4%, up from 0.3% compared to the previous year. The mindshare of Check Point CloudGuard CNAPP is 1.5%, up from 1.3% compared to the previous year. The mindshare of Lacework FortiCNAPP is 1.5%, down from 2.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management

Featured Reviews

Andrew W

VP - Information Technology at a financial services firm with 201-500 employees

Tells us about vulnerabilities as well as their impact and helps to focus on real issues

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

Read full review

Yokesh Mani

Deputy Manager at Computer Age Management Services Pvt. Ltd.

Easy to write custom rules and policies in the UI with limited coding knowledge

The user interface could be improved. Sometimes, the visibility is not immediately available for the environment. We have the native servers that come with the solutions, but we cannot see them in the Check Point log. Another issue is with the integrated file monitoring. It would make sense to have stuff like file integrity monitoring and malware scanning available within this module because we don't want to integrate another product. For example, let's say it's showing a process violation. It should be able to do some additional malware scanning in that particular bucket to get some additional information. I don't want to integrate with another third-party tool or go to the native server to check something. It would be helpful to have integrated monitoring and malware scanning for the file types. There are a few flaws with the security management portal where I have limited visibility into the workload protection features. There is no error visibility where I can see the communication and workflow between services. Some of the dashboards need to be fine-tuned if they are not customized. For example, I cannot customize anything on the effective risk management dashboard. Some of the information is not correct for my tenant. With respect to passwords and user management, there are no policies I can measure at the user level. If the user was created more than six months ago, you don't need to worry about that password or do anything like two-factor authentication associated with that user. They can still log in after six months or one year. It's also a challenge to use CloudGuard's agentless workload posture with AWS. An Azure storage is summed up with a CNAPP encryption by default. We tried onboarding this data, but the problem is the attachment is not done. After a few days, we identified that it was impossible to do the encryption detection. But CloudGuard's default rules say that this has to be encrypted. The AWS module says that we cannot access this volume with this encryption, so we cannot use an agentless workload posture with AWS because of this. It is a best practice to ensure that all the volumes are being encrypted. Without the encryption, how can I do this? It is a big challenge for CloudGuard.

Read full review

Carlos Vitrano

Cloud security director at Medallia

Provides quick visibility and significantly reduces alerts

Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them. We have integrations, for instance, with Splunk. The data that we are receiving in Splunk is huge, and it is valid because Lacework has a bunch of data that they can provide to you. However, to be able to import the data and create alerts, we needed to do some work, so integration is one of the things that they can improve. For container security, how they scan images and how they provide results is something that they need to continue improving in terms of visibility. We already have visibility to several artifacts, but they can take that to the next level and see what else they can do. There can be better integrations with CI/CD pipelines. There can be improvements in terms of how we can take action or how we can report from the number of inventories they are providing to us.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The tool identifies issues quickly."

"PingSafe's most valuable feature is its unified console."

"I did a lot of research before signing up and doing the demo. They have a good reputation as far as catching threats early on."

"SentinelOne Singularity Cloud Security offers valuable features like runtime notifications. These alerts come to my account, ensuring that if any port or component within my infrastructure is opened or compromised, I am informed immediately. It highlights issues within minutes or even seconds."

"The most valuable aspect of Singularity Cloud Security is its unified dashboard."

"The most valuable feature of the solution is its storyline, which helps trace an event back to its source, like an email or someone clicking on a link."

"Cloud Native Security is user-friendly. Everything in the Cloud Native Security tool is straightforward, including detections, integration, reporting, etc. They are constantly improving their UI by adding plugins and other features."

"Cloud Native Security's evidence-based reporting allows us to prioritize issues by understanding their impact, helping us resolve the most important problems first."

More SentinelOne Singularity Cloud Security pros

"The way they offer container security is a big highlight that I have noticed. The solution is also agentless, so the scanning, runtime, really everything is offered directly by CloudGuard."

"The comprehensive security for IaaS and PaaS cloud assets provides efficient security awareness to all the teams."

"The reporting against compliance is an important feature that helps you comply with policies and standards within your organization."

"This solution provides threat prevention and detection of anomalies automatically and investigates the activity of each one of them."

"The feature that I find most valuable is the blocking feature."

"The most valuable features of CloudGuard CNAPP are its reporting capabilities for aggregating vulnerability information and scoring."

"I can take proactive actions based on an alert without having to interact with the platform directly."

"People implementing this solution are concerned with addressing a significant risk, and within the AWS realm, this tool does de-risk substantially."

More Check Point CloudGuard CNAPP pros

"I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets."

"The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine."

"For the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture."

"The most valuable feature, from a compliance perspective, is the ability to use Lacework as a platform for multiple compliance standards. We have to meet multiple standards like PCI, SOC 2, CIS, and whatever else is out there. The ability to have reports generated, per security standard, is one of the best features for me."

"The best feature, in my opinion, is the ease of use."

"There are many valuable features that I use in my daily work. The first are alerts and the event dossier that it generates, based on the severity. That is very insightful and helps me to have a security cap in our infrastructure. The second thing I like is the agent-based vulnerability management, which is the most accurate information."

"Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise."

"Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action."

More Lacework FortiCNAPP pros

Cons

"For SentinelOne, improvements could be made in managing Internet dependency as cloud-based operations can pose challenges in environments with limited connectivity."

"PingSafe's current documentation could be improved to better assist customers during the cluster onboarding process."

"I request that SentinelOne investigate this false positive, as SentinelOne has a higher false positive rate than other XDR solutions."

"The areas with room for improvement include the cost, which is higher compared to other security platforms. The dashboard can also be laggy."

"A two-month grace period for extended searches would be a valuable improvement."

"It took us a while to configure the software to work well in this type of environment, as the support documents were not always clear."

"The area of improvement is the cost, which is high compared to other traditional endpoint protections."

"We use PingSafe and also SentinelOne. If PingSafe integrated some of the endpoint security features of SentinelOne, it would be the perfect one-stop solution for everything. We wouldn't need to switch between the products. At my organization, I am responsible for endpoint security and vulnerability management. Integrating both functions into one application would be ideal because I could see all the alerts, heat maps, and reports in one console."

More SentinelOne Singularity Cloud Security cons

"In general, for the product to be successful, they need to improve security, and configuration detection."

"The entire system is complicated, and the setup process may not cater to the company's demands."

"The software configurations theory is complicated, and without proper planning and a well-skilled technical team, it cannot perform its tasks properly."

"In Dome9, there should be a policy validation option where we can validate the policy before we push it into production."

"The integration process could be enhanced by enabling integration at the organizational level rather than requiring the manual setup of individual accounts."

"We're looking for a solution that can incorporate legacy infrastructure for some of our business needs."

"I would like them to include support for their products in languages other than English."

"The user interface could be improved. Sometimes, the visibility is not immediately available for the environment. We have the native servers that come with the solutions, but we cannot see them in the Check Point log. Another issue is with the integrated file monitoring. It would make sense to have stuff like file integrity monitoring and malware scanning available within this module because we don't want to integrate another product."

More Check Point CloudGuard CNAPP cons

"Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them."

"Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it."

"Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly."

"There are a couple of the difficulties we encounter in the realm of cybersecurity, or security as a whole, that relate to potentially limited clarity. Having the capacity to perceive the configuration aspect and having the ability to contribute to it holds substantial advantages, in my view. It ranks high, primarily due to its role in guaranteeing compliance and the potential to uncover vulnerabilities, which could infiltrate the system and introduce potential risks. I had been exploring a specific feature that captured my interest. However, just yesterday, I participated in a product update session that announced the imminent arrival of this feature. The feature involves real-time alerting. This was something I had been anticipating, and it seems that this capability is now being integrated, possibly as part of threat intelligence. While anomaly events consistently and promptly appear in the console, certain alerts tend to experience delays before being displayed. Yet, with the recent product update, this issue is expected to be resolved. Currently, a comprehensive view of all policies is available within the console. However, I want a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact request."

"Visibility is lacking, and both compliance-related metrics and IAM security control could be improved."

"The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement."

"The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems."

"I would like to see a remote access assistance feature. And the threat-hunting platform could be better."

More Lacework FortiCNAPP cons

Pricing and Cost Advice

"While I'm slightly out of touch with pricing, I know SentinelOne is much cheaper than other products."

"Its pricing was a little less than other providers."

"The tool is cost-effective."

"SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal."

"The pricing is fair. It is not inexpensive, and it is also not expensive. When managing a large organization, it is going to be costly, but it meets the business needs. In terms of what is out there on the market, it is fair and comparable to what I have seen, so I do not have any complaints about the cost"

"The price depends on the extension of the solution that you want to buy. If you want to buy just EDR, the price is less. XDR is a little bit more expensive. There are going to be different add-ons for Singularity."

"The tool is cost-effective."

"Singularity Cloud Security by SentinelOne is cost-efficient."

More SentinelOne Singularity Cloud Security pricing and cost advice

"CloudGuard is fairly priced."

"They support either annual licensing or hourly. At the time of our last negotiation, it was either one or the other, you could not mix or match. I would have liked to mix/match. "

"I would advise taking into account the existing number of devices and add a forecast of the number of devices to be added in the coming year or two, to obtain better pricing."

"We have the enterprise-level license and we renew it annually because it is worth the cost."

"Check Point CloudGuard Posture Management is expensive."

"Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges."

"The license fee is high."

"Its price is very fair."

More Check Point CloudGuard CNAPP pricing and cost advice

"My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz."

"It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."

"The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."

"The licensing fee was approximately $80,000 USD, per year."

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

825,399 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

19%

Financial Services Firm

15%

Manufacturing Company

Government

Financial Services Firm

16%

Computer Software Company

14%

Manufacturing Company

University

Computer Software Company

18%

Financial Services Firm

13%

Manufacturing Company

Retailer

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about PingSafe?

The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...

What is your experience regarding pricing and costs for PingSafe?

The pricing is somewhat high compared to other market tools. This cost can be particularly prohibitive for small busi...

What needs improvement with PingSafe?

SentinelOne Singularity Cloud Security has limited legacy system support and may not fully support older operating sy...

What do you like most about Check Point CloudGuard Posture Management?

The visibility in our cloud environment is the most valuable feature.

What is your experience regarding pricing and costs for Check Point CloudGuard Posture Management?

The price is on the higher end.

What needs improvement with Check Point CloudGuard Posture Management?

We have concerns regarding the pricing and would appreciate seeing some improvements.

What do you like most about Lacework?

Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offe...

What is your experience regarding pricing and costs for Lacework?

My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.

What needs improvement with Lacework?

The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses...

Wiz vs SentinelOne Singularity Cloud Security

Comparisons

Compared 30% of the time

Prisma Cloud by Palo Alto Networks vs SentinelOne Singularity Cloud Security

Compared 23% of the time

AWS GuardDuty vs SentinelOne Singularity Cloud Security

Compared 8% of the time

Orca Security vs SentinelOne Singularity Cloud Security

Compared 6% of the time

Qualys VMDR vs SentinelOne Singularity Cloud Security

Compared 3% of the time

More SentinelOne Singularity Cloud Security Competitors

Prisma Cloud by Palo Alto Networks vs Check Point CloudGuard CNAPP

Compared 25% of the time

Wiz vs Check Point CloudGuard CNAPP

Compared 18% of the time

Microsoft Defender for Cloud vs Check Point CloudGuard CNAPP

Compared 10% of the time

AWS GuardDuty vs Check Point CloudGuard CNAPP

Compared 10% of the time

Tenable Security Center vs Check Point CloudGuard CNAPP

Compared 2% of the time

More Check Point CloudGuard CNAPP Competitors

Wiz vs Lacework FortiCNAPP

Compared 29% of the time

Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP

Compared 15% of the time

AWS GuardDuty vs Lacework FortiCNAPP

Compared 9% of the time

Aqua Cloud Security Platform vs Lacework FortiCNAPP

Compared 6% of the time

Tenable Cloud Security vs Lacework FortiCNAPP

Compared 3% of the time

More Lacework FortiCNAPP Competitors

Product Reports

SentinelOne Singularity Cloud Security

Download SentinelOne Singularity Cloud Security product report

SentinelOne Singularity Cloud Security report

Check Point CloudGuard CNAPP

Download Check Point CloudGuard CNAPP product report

Lacework FortiCNAPP

Download Lacework FortiCNAPP product report

Also Known As

PingSafe

Check Point CloudGuard Posture Management, Dome9, Check Point CloudGuard Workload Protection, Check Point CloudGuard Intelligence

Polygraph, FortiCNP

Learn More

SentinelOne

Check Point Software Technologies

Fortinet

Overview

SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.

SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal manual intervention. Securing containerized applications and virtual machines, it excels in threat intelligence and endpoint protection. However, improvements are needed in performance during high workload periods, and more integrations with third-party tools and better documentation would be beneficial. Users often find the installation process complex, support response times slow, and the dashboard's navigation unintuitive.

What are the key features of SentinelOne Singularity Cloud Security?

Real-time Threat Detection: Identifies and mitigates threats as they occur.
Automated Response: Automatically responds to threats to minimize impact.
Ease of Deployment: Simple setup process with scalable options.
Machine Learning Insights: AI-driven insights enhance threat prevention.
Seamless Integration: Integrates with cloud environments for unified security management.

What are the primary benefits or ROI to expect from SentinelOne Singularity Cloud Security?

Enhanced Threat Mitigation: Improved security against real-time threats.
Reduced Manual Intervention: Automated processes save time and resources.
Scalability: Easily adapts to growing security requirements.
Centralized Management: Manage security across platforms from a single console.
Advanced Threat Intelligence: Provides in-depth analysis and protection.

In specific industries, SentinelOne Singularity Cloud Security is implemented to safeguard critical data and infrastructure. Organizations in finance, healthcare, and technology depend on its real-time threat detection and automated response to protect sensitive information. Its ability to secure containerized applications and virtual machines is particularly valuable in dynamic environments where rapid scaling is necessary.

Check Point CloudGuard CNAPP is a cloud-native application protection platform designed to secure your cloud environments and applications. By combining CSPM, CWPP, CSNS, and WAF capabilities, it provides a comprehensive solution to protect your cloud environment from a wide range of threats.

CloudGuard CNAPP delivers end-to-end cloud security, including workload protection, vulnerability management, and identity management, all while maintaining continuous compliance. It uses advanced AI to detect and prevent threats, offering protection for containers, serverless applications, and APIs. CloudGuard CNAPP also emphasizes simplifying security management, integrating directly with cloud platforms like AWS, Azure, and GCP.

CloudGuard CNAPP provides customers with more context to drive actionable security and smarter prevention, from code-to-cloud, across the application lifecycle. More Context Means Actionable Security, Smarter Prevention. The primary components are:

Unified & Modular Platform - A single platform unifying SAST, CSPM, DSPM, CIEM, CWPP, WAF, and Cloud Detection and Response.
Continuous Cloud Security - Automatic enforcement of security requirements and internal policies from development to runtime.
Real-time Detection & Protection - Real-time incidents and vulnerability detection with a single-click or automated remediation.

What are the key features of CloudGuard CNAPP?

Workload Protection: Secures cloud-based workloads, including VMs, containers, and serverless functions, from vulnerabilities and attacks.
Posture Management: Continuously monitors cloud configurations and assets to ensure compliance with security standards and policies.
Threat Prevention: Uses AI-driven threat detection to block malware, ransomware, and zero-day exploits in real-time.
Compliance Automation: Automates compliance checks and ensures adherence to industry regulations, such as GDPR, HIPAA, and PCI-DSS.
Identity and Access Management (IAM) Protection: Secures identities by managing access policies and detecting misconfigurations in permissions.

What are the key benefits to consider?

Improved Cloud Visibility: Provides clear insights into cloud environments, assets, and workloads, helping teams detect misconfigurations and vulnerabilities early.
Risk Reduction: Threat prevention features help reduce the risk of breaches by identifying and blocking potential attacks before they can exploit system weaknesses.
Operational Efficiency: Automated compliance and posture management reduce the manual work needed to maintain security standards.
Multi-cloud Support: CloudGuard CNAPP integrates across AWS, Azure, and Google Cloud, streamlining security operations for hybrid and multi-cloud deployments.

Check Point CloudGuard CNAPP simplifies cloud security management with integrated protection and automation.

Lacework FortiCNAPP provides robust cloud security, combining vulnerability management and multi-cloud insight with user-friendly controls, machine learning detection, and compliance support.

Lacework FortiCNAPP specializes in cloud security by merging machine learning anomaly detection with agent-based vulnerability management to offer detailed alerts and compliance reports. Its comprehensive approach allows continuous monitoring across AWS and Kubernetes, providing insights from an attacker's perspective. The platform offers automation and seamless Slack integration, facilitating collaborative and efficient cloud security management. Users value its ability to handle multi-cloud environments and scan IAC scripts, configurations, and compute nodes across AWS and GCP.

What are the key features?

Machine Learning Detection: Identifies anomalies effectively.
Compliance Reports: Provides precise compliance documentation.
Vulnerability Management: Supports agent-based vulnerability assessments.
Multi-Cloud Support: Manages and secures across multiple cloud providers.
Automation and Collaboration: Enables integration with Slack for streamlined communication.
Custom Alerts: Allows creation of personalized alerts for better focus.

What benefits do users expect?

Reduced Alert Noise: Minimizes distractions with filtered alerts.
Efficient Cloud Security: Automates processes for enhanced security management.
Collaboration Support: Integrates with tools like Slack.
Insightful Perspective: Provides insight from an attacker's viewpoint.

Organizations across sectors leverage Lacework FortiCNAPP for cloud security, focusing on compliance, security posture, and vulnerability management. It is widely used for monitoring AWS and Kubernetes environments, scanning IAC scripts, configurations, and securing compute nodes. It supports multi-cloud security posture management and log ingestion, enabling companies to maintain strong cloud infrastructures without dedicated security layers.

Sample Customers

Information Not Available

Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners

J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.

Check Point CloudGuard CNAPP vs. Lacework FortiCNAPP